Sample Scenario for Restricting Global Access to Keys and Permitting a Specific Key for CA Top Secret

This sample scenario shows how to restrict key access using the ADDTO and PERMIT commands on CA Top Secret. The first ADDTO statement restricts all users from accessing any key on any BES subsystem. The second ADDTO statement indicates that you want to control access to the symmetric key named AES256_KEY on BES1. The PERMIT statements indicate that only users SECADMIN and SYSADMIN are permitted to use this key on BES1. Because the first ADDTO statement defines the default behavior for key protection as PROTECT, no other users can use any key on any active subsystem.

TSS ADDTO(DEPT01) CA@BES(BES.KEYS.PROTECT)
TSS ADDTO(DEPT01) CA@BES(BES1.KEYSYMM.AES256_KEY)
TSS PERMIT(SECADMIN)  CA@BES(BES1.KEYSYMM.AES256_KEY) ACCESS(READ)
TSS PERMIT(SYSADMIN)  CA@BES(BES1.KEYSYMM.AES256_KEY) ACCESS(READ)

To make other keys available, add an ADDTO statement and the corresponding PERMIT statements for each key on each subsystem.
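As an added example that is not part of the CA Top Secret documentation, the following Python snippet models the access decisions the scenario describes so the statements can be reviewed before they are issued: a key that has been ADDTO'd is usable only by ACIDs holding a PERMIT on it, and every other key falls back to the global default. The regular-expression parsing, the rejection of a PERMIT without a prior ADDTO, and the permissive default when BES.KEYS.PROTECT is absent are simplifying assumptions of this model, not the product's own evaluation logic.

```python
import re

# Constructed sample input: the four statements from the scenario above.
TSS_COMMANDS = """
TSS ADDTO(DEPT01) CA@BES(BES.KEYS.PROTECT)
TSS ADDTO(DEPT01) CA@BES(BES1.KEYSYMM.AES256_KEY)
TSS PERMIT(SECADMIN)  CA@BES(BES1.KEYSYMM.AES256_KEY) ACCESS(READ)
TSS PERMIT(SYSADMIN)  CA@BES(BES1.KEYSYMM.AES256_KEY) ACCESS(READ)
"""

_ADDTO = re.compile(r"^TSS\s+ADDTO\((\w+)\)\s+CA@BES\(([\w.]+)\)", re.I)
_PERMIT = re.compile(
    r"^TSS\s+PERMIT\((\w+)\)\s+CA@BES\(([\w.]+)\)\s+ACCESS\((\w+)\)", re.I)

def parse_policy(text):
    """Return (protect_default, owned): owned maps each ADDTO'd resource
    to the {ACID: ACCESS} permits granted on it (simplified model)."""
    protect_default = False
    owned = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _ADDTO.match(line)
        if m:
            resource = m.group(2).upper()
            if resource == "BES.KEYS.PROTECT":  # global default becomes PROTECT
                protect_default = True
            owned.setdefault(resource, {})
            continue
        m = _PERMIT.match(line)
        if m:
            acid, resource, access = (g.upper() for g in m.groups())
            if resource not in owned:  # a PERMIT needs a prior ADDTO (assumed)
                raise ValueError(f"PERMIT on unowned resource: {resource}")
            owned[resource][acid] = access
    return protect_default, owned

def can_use_key(policy, acid, subsystem, key_type, key_name):
    """An ADDTO'd key is usable only by ACIDs holding a PERMIT on it; any
    other key follows the global default (PROTECT denies; allowing when
    BES.KEYS.PROTECT is absent is an assumption of this model)."""
    protect_default, owned = policy
    resource = f"{subsystem}.{key_type}.{key_name}".upper()
    if resource in owned:
        return acid.upper() in owned[resource]
    return not protect_default

if __name__ == "__main__":
    print(can_use_key(parse_policy(TSS_COMMANDS), "OPER1", "BES1", "KEYSYMM", "AES256_KEY"))
```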